CloudFormation

AWS CloudFormation lets you model, provision, and manage AWS and third-party resources by treating infrastructure as code. With CloudFormation, you declare all your resources and dependencies in a template file. The template defines a collection of resources as a single unit called a stack. CloudFormation creates and deletes all member resources of the stack together and manages all dependencies between the resources for you.

Manage your CloudFormation stack within env0 to use features such as Continuous Deployment, Policies, and RBAC. You can also use Custom Flows to alter the deployment by running commands, or Workflows to orchestrate multiple IaC stacks and the dependencies between them.

Environment Deployment

  1. Create a CloudFormation Template.
  2. Create an Environment. You can set the stack name, or env0 can generate a random name for you.

CloudFormation Stack Parameters

To provide parameters to a CloudFormation stack, use env0 Variables. Any environment variable prefixed with ENV0_CF_PARAM_ will be passed as a parameter to the CloudFormation stack. For example, if you set the environment variable ENV0_CF_PARAM_STAGE=dev, the CloudFormation stack will receive the parameter STAGE=dev.

env0 creates a file containing all the parameters and their values, and passes it to the deploy command (--parameter-overrides file://<parameters_file>).

You can control the name of the parameters file by setting the ENV0_CF_PARAMETERS_FILE environment variable. This can be helpful if you already have a parameters file (from VCS or generated using Custom Flows). env0 will merge it with parameters from any ENV0_CF_PARAM_XXX environment variables. See the section below for an example parameters file.

Execution Steps

Other than the common steps such as Clone, Loading variables, etc., env0 executes the following steps for CloudFormation environments.

  • On Deploy:

    1. CloudFormation Describe Change Set
      awsv2 cloudformation deploy --stack-name <stack_name> --template-file <template_file> --no-execute-changeset --parameter-overrides file://<parameters_file>
      awsv2 cloudformation describe-change-set --change-set-name <change_set_name>
    2. CloudFormation deploy
      awsv2 cloudformation deploy --stack-name <stack_name> --template-file <template_file> --parameter-overrides file://<parameters_file>
    3. CloudFormation Stack Outputs
      awsv2 cloudformation describe-stacks --stack-name <stack_name>
  • On Destroy:

    1. CloudFormation List Stack Resources (to list resources that will be destroyed)
      awsv2 cloudformation list-stack-resources --stack-name <stack_name>
    2. CloudFormation Delete Stack
      awsv2 cloudformation delete-stack --stack-name <stack_name>
      awsv2 cloudformation wait stack-delete-complete --stack-name <stack_name>
  • Drift Detection:

    1. CloudFormation - Detect stack drift (to trigger Drift Detection)
      awsv2 cloudformation detect-stack-drift --stack-name <stack_name>
    2. CloudFormation - Describe stack drift detection status
      awsv2 cloudformation describe-stack-drift-detection-status --stack-drift-detection-id <drift_detection_id>
    3. CloudFormation - Describe stack resources drift
      awsv2 cloudformation describe-stack-resources-drift --stack-name <stack_name> --stack-resource-drift-status-filters MODIFIED CREATED NOT_CHECKED

Drift Detection

Not all CloudFormation resources support Drift Detection.
You can find a list of all the supported resources here.

Also, for Drift Detection to function properly, you might need to have the proper permissions in place. You can find further information here.
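A triage pass over the output of the last Drift Detection step, as an added example that is not part of env0 or of this page. It reads the JSON that describe-stack-resources-drift returns, separates NOT_CHECKED resources (no drift support) from real drift, and puts security-sensitive types first; the SENSITIVE_PREFIXES list and the sample output are constructed for illustration.

```python
import json

# ASSUMPTION: resource types this example treats as security-sensitive.
SENSITIVE_PREFIXES = ("AWS::IAM::", "AWS::EC2::SecurityGroup",
                      "AWS::KMS::", "AWS::S3::BucketPolicy")


def triage_drift(describe_output):
    """Group `describe-stack-resources-drift` JSON into review buckets."""
    report = {"review_first": [], "drifted": [], "not_checked": []}
    for res in json.loads(describe_output).get("StackResourceDrifts", []):
        status = res["StackResourceDriftStatus"]
        item = {
            "id": res["LogicalResourceId"],
            "type": res["ResourceType"],
            "status": status,
            "changes": [f'{d["DifferenceType"]} {d["PropertyPath"]}'
                        for d in res.get("PropertyDifferences", [])],
        }
        if status == "IN_SYNC":
            continue
        if status == "NOT_CHECKED":
            # Drift cannot be evaluated here, so "no drift" proves nothing.
            report["not_checked"].append(item)
        elif res["ResourceType"].startswith(SENSITIVE_PREFIXES):
            report["review_first"].append(item)
        else:
            report["drifted"].append(item)
    return report


# Constructed sample output (not captured from a real stack).
SAMPLE_OUTPUT = json.dumps({"StackResourceDrifts": [
    {"LogicalResourceId": "WebSecurityGroup",
     "ResourceType": "AWS::EC2::SecurityGroup",
     "StackResourceDriftStatus": "MODIFIED",
     "PropertyDifferences": [{"PropertyPath": "/SecurityGroupIngress/1",
                              "DifferenceType": "ADD"}]},
    {"LogicalResourceId": "AppBucket", "ResourceType": "AWS::S3::Bucket",
     "StackResourceDriftStatus": "MODIFIED",
     "PropertyDifferences": [{"PropertyPath": "/Tags/0/Value",
                              "DifferenceType": "NOT_EQUAL"}]},
    {"LogicalResourceId": "CustomThing", "ResourceType": "Custom::Thing",
     "StackResourceDriftStatus": "NOT_CHECKED"},
]})

if __name__ == "__main__":
    print(json.dumps(triage_drift(SAMPLE_OUTPUT), indent=2))
```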

Providing custom CloudFormation CLI Arguments

Occasionally, you may need to pass additional CLI arguments to CloudFormation commands.

These can be passed to CloudFormation by setting Environment Variables on env0, prefixed by ENV0_CF_CLI_ARGS_ and followed by the CloudFormation command name (with underscores in place of dashes), for example ENV0_CF_CLI_ARGS_deploy, ENV0_CF_CLI_ARGS_delete_stack, etc.

A common use case is when trying to create IAM resources. CloudFormation may require you to explicitly acknowledge that your stack template contains certain capabilities in order for AWS CloudFormation to create the stack.

In that case, you could set ENV0_CF_CLI_ARGS_deploy to --capabilities CAPABILITY_NAMED_IAM.
Multiple arguments may be set, separated by a blank space ( ).

Templates with a size greater than 51,200 bytes must be deployed via an S3 Bucket

When your template exceeds this size limit, you must specify a bucket to store the template. In env0, set ENV0_CF_CLI_ARGS_deploy=--s3-bucket=<bucket>, where <bucket> is an S3 bucket to store the template.
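A pre-deploy check for the two cases above, as an added example that is not part of env0: it lists the IAM resources a JSON template would create, so the capability is acknowledged knowingly, and tests the 51,200-byte limit. Treating every AWS::IAM::* type as IAM and the NAME_PROPS set as the marker for custom names are simplifying assumptions, and the sample template is constructed.

```python
import json

MAX_INLINE_BYTES = 51200  # size limit stated on this page
# ASSUMPTION: properties that give an IAM resource a custom name.
NAME_PROPS = {"RoleName", "UserName", "GroupName",
              "ManagedPolicyName", "InstanceProfileName"}


def preflight(template_text):
    """Suggest a value for ENV0_CF_CLI_ARGS_deploy for a JSON template."""
    resources = json.loads(template_text).get("Resources", {})
    iam = {lid: res for lid, res in resources.items()
           if res.get("Type", "").startswith("AWS::IAM::")}
    named = sorted(lid for lid, res in iam.items()
                   if NAME_PROPS & set(res.get("Properties", {})))
    args = []
    if named:
        args.append("--capabilities CAPABILITY_NAMED_IAM")
    elif iam:
        args.append("--capabilities CAPABILITY_IAM")
    size = len(template_text.encode("utf-8"))
    if size > MAX_INLINE_BYTES:
        args.append("--s3-bucket=<bucket>")  # placeholder, as on this page
    return {"iam_resources": sorted(iam), "named_iam": named,
            "size_bytes": size, "deploy_args": " ".join(args)}


# Constructed sample template: one named role and one bucket.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "DeployRole": {"Type": "AWS::IAM::Role",
                   "Properties": {"RoleName": "deploy-role",
                                  "AssumeRolePolicyDocument": {}}},
    "AppBucket": {"Type": "AWS::S3::Bucket"},
}})

if __name__ == "__main__":
    result = preflight(SAMPLE_TEMPLATE)
    print("IAM resources to review:", result["iam_resources"])
    print("ENV0_CF_CLI_ARGS_deploy=" + result["deploy_args"])
```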

Import existing CloudFormation Stacks

env0 can manage existing CloudFormation Stacks. To import an existing stack into env0, follow the instructions below:

  1. Place the template used to create the stack in a Git repo.
  2. Prepare any parameters you've used to configure the stack.
  3. Create an Environment from VCS or Template. If using a Template, please refer to our Template Docs for creating a CloudFormation Template in env0.
  4. Add the parameters as described above (ENV0_CF_PARAM_*).
  5. Specify the Stack Name, exactly as listed in the AWS console.

Example CloudFormation parameters file

Here's an example of a parameters JSON file you would either create or use with your CloudFormation stack.

[
  {
    "ParameterKey": "BucketName",
    "ParameterValue": "hello-world"
  },
  {
    "ParameterKey": "Description",
    "ParameterValue": "This is my description."
  }
]
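A preview of the effective parameter set described under CloudFormation Stack Parameters, as an added example that is not env0's own code. It merges a parameters file in the format above with ENV0_CF_PARAM_ variables and reports keys whose file value is replaced; the page does not state which side wins, so the variables-win rule here is an assumption, and the sample environment is constructed.

```python
import json

PREFIX = "ENV0_CF_PARAM_"  # prefix documented on this page


def params_from_env(environ):
    """Map ENV0_CF_PARAM_<NAME>=<value> variables to {<NAME>: <value>}."""
    return {k[len(PREFIX):]: v for k, v in environ.items()
            if k.startswith(PREFIX) and len(k) > len(PREFIX)}


def merge_parameters(file_json, environ):
    """Return (effective parameter list, keys whose file value changed)."""
    merged = {}
    for entry in json.loads(file_json) if file_json else []:
        merged[entry["ParameterKey"]] = entry["ParameterValue"]
    from_env = params_from_env(environ)
    # A key set in both places with different values deserves a second look:
    # the reviewed file in VCS no longer describes what gets deployed.
    overridden = sorted(k for k, v in from_env.items()
                        if k in merged and merged[k] != v)
    merged.update(from_env)  # ASSUMPTION: variables win; the page does not say
    effective = [{"ParameterKey": k, "ParameterValue": v}
                 for k, v in sorted(merged.items())]
    return effective, overridden


# Constructed sample input: the page's example file plus three variables.
SAMPLE_FILE = json.dumps([
    {"ParameterKey": "BucketName", "ParameterValue": "hello-world"},
    {"ParameterKey": "Description", "ParameterValue": "This is my description."},
])
SAMPLE_ENV = {
    "ENV0_CF_PARAM_STAGE": "dev",
    "ENV0_CF_PARAM_BucketName": "hello-env0",
    "AWS_REGION": "us-east-1",  # no prefix, so not a stack parameter
}

if __name__ == "__main__":
    effective, overridden = merge_parameters(SAMPLE_FILE, SAMPLE_ENV)
    print(json.dumps(effective, indent=2))
    for key in overridden:
        print(f"warning: {key} differs between the file and {PREFIX}{key}")
```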

Adding Custom Tags

Using ENV0_CUSTOM_TAGS you can add additional tags to your CloudFormation stack. Read more here.